Audit Collection and Gateway Server

There is a lot of questions regarding ACS and gateway server. Microsoft Audit Connection Service (ACS) is a new function in Ops Mgr that can collect logs from machines. All logs are saved in a special Audit Collection database. You can then run reports against the database to see trends and do security analyzes. You can also for example trace a user activity over many systems. Gateway server is a server service that allow Ops Mgr to monitor machine within non-trusted domains or in workgroups, without lower the security.

I did some tests today about ACS and gateway servers. In my test I had regular Windows Server 2003 domain with Ops Mgr installed, I also had a Windows Server 2008 machine running in another domain that I wanted to monitor. Normal agent installation did not work as there is no firest trust between my domains and the 2008 domain is running Windows Server 2008 Functional Level. Is is no problem installing the agent on a Windows server 2008 machine that are in the same domain as Ops Mgr.I installed a Windows Server 2003 as a gateway (GTW) server and then I manually installed the agent on my Windows server 2008 machine. After that I enable audit collection from operations manager console. During the ACS enable wizard you must do a override and speciy a ACS collector, else the agent will try to forward all events to the gateway server.



Summary: There is no problem with ACS in a gateway scenario like this. Just remeber to direct your ACS forwarder (the agent) to send its event data to a ACS collector. One of the news in Ops Mgr SP1 is that ACS is now supported on the Management and Gateway server roles.

One thought on “Audit Collection and Gateway Server

Comments are closed.